Keeping passwords secret: Hudson plugin development

By | September 20, 2010

A common problem with several Hudson plugins is storing passwords and other sensitive data as plaintext as seen here, here, here, and here. There are more examples than I’d care to list here.

What prompted me to write this is a bug in the email-ext that I just fixed where credentials were being stored in plain text. The solution is so easy there’s no excuse not to do it.

The trick is to use hudson.util.Secret and the usage is dead simple:

[java]
public class MyPublisher extends Notifier {

private Secret password;

public String getSmtpAuthPassword() {
return Secret.toString(smtpAuthPassword);
}

// … snip …

public static final class DescriptorImpl extends BuildStepDescriptor<Publisher> {
@Override
public boolean configure(
StaplerRequest req, JSONObject formData) throws FormException {
password = Secret.fromString(
nullify(req.getParameter("mypublisher.auth.password")));
// … snip …
}
}
}
[/java]

For what it’s worth, the docs for this class gives this notice:

[text]
Note that since the cryptography relies on hudson.model.Hudson.getSecretKey(), this is not meant as a protection against code running in the same VM, nor against an attacker who has local file system access.
[/text]

So there you have it, there’s no good reason to not be reasonably secure.

Leave a Reply

Your email address will not be published. Required fields are marked *